The large-scale data breaches at Target and Home Depot are just a few of the recent incidents that have people worried about the security of their personal information. The worry isn’t just about retailers and credit cards, but also about the security of personal information held by banks, financial advisor firms, doctors, accountants, and government agencies.
The average consolidated total cost of a data breach increased 15% in the last year to $3.5 million, according to a global 2014 study by the Ponemon Institute. Loss of customers, payouts in fines, and damage to reputation are just a few of the painful consequences that can result when client data is compromised.
To stay ahead of cybersecurity risks, leaders in the compliance and IT fields are implementing data-loss control plans. Important elements of a data-loss control plan include encryption and data leak prevention solutions, which help safeguard sensitive information.
Encryption is the process of scrambling information (using mathematical algorithms with keys) so unauthorized users can’t read it, and only authorized persons with the appropriate keys can decrypt data and access it in its original form. While encryption is just one part of an overall security system, it has a key role, giving companies a way to encode words, numbers and images to prevent misuse.
Data leak prevention (DLP) technology can be used to monitor, detect, and then block or encrypt data that is being sent outside the company.
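The monitor, detect, then block-or-encrypt flow described above, as an added Python example that is not from the original article or from any DLP product. The domain `example.com`, the policy (block card numbers, force encryption for Social Security numbers) and all sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def valid_ssn(area, group, serial):
    # Never-issued ranges cut false positives on order or ticket numbers.
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    # Luhn checksum: double every second digit counting from the right.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    found = set()
    if any(valid_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        found.add("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        found.add("card")
    return sorted(found)

def dlp_decision(msg):
    """Return (action, findings) for one outgoing message."""
    addrs = [a.lower() for _, a in getaddresses([str(msg.get("To", ""))])]
    external = [a for a in addrs if not a.endswith("@" + INTERNAL_DOMAIN)]
    text = str(msg.get("Subject", "")) + "\n" + msg.get_content()
    findings = find_sensitive(text)
    if not findings or not external:
        return "allow", findings
    # Assumed policy: card numbers are blocked, SSNs must go out encrypted.
    return ("block" if "card" in findings else "encrypt"), findings

def make_msg(to, body, subject="Your statement"):
    # Builds a constructed sample message for the checks below.
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    print(dlp_decision(make_msg("client@example.org", "SSN on file: 123-45-6789")))
```

Validating matches (never-issued SSN ranges, the Luhn checksum) before acting keeps the rule from blocking mail that merely contains a ticket or invoice number.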
If your company is considering encryption and DLP, it is best practice to first review the type of data your business needs to process or collect within email or CRM systems. Here are a few examples by business type:
- Financial services firms and financial advisors are required to encrypt any emails or correspondence that includes a client’s social security number, financial statements, or any other personally identifiable information. Documents that must be encrypted include a client’s prospectus, annual report, or regular account statement. Financial securities regulators pay close attention to cyber-security for broker-dealers and registered investment advisors, and the SEC is now examining firms to assess their cyber-security preparedness, since it’s critical to the integrity of the market and client data protection.
- Doctors and medical offices use encryption when sharing confidential information, medical records and test results with their patients.
- Government agencies encrypt electronic information that’s sent to a citizen or resident, such as birth records, house and property taxes, etc. Document scans (like a photo of a client’s driver’s license) are often ripe for fraud or identity theft, so these are critical to protect.
- Accountants use data encryption when preparing tax returns and sharing confidential information with their clients, including financial statements, work history, filing statements, and forms that may contain social security or personally identifiable information.
- Banks often encrypt bank statements, or any document sent to a client with an attachment, especially forms that may include social security information.
Companies in these regulated markets face serious consequences if sensitive information is lost or stolen—but just about any type of company that sends sensitive information can benefit from encryption and DLP technology.
Along with taking a look at your overall cyber-security practices, data encryption and DLP are two of the best ways to protect your clients. If managed well, encryption and DLP can also give your clients extra reassurance that you take their data security seriously, and send a message to would-be thieves that they won’t get what they want.
- Protect your clients’ most important data with email encryption - November 12, 2014